How to use cURL to send Cookies?
Solution 1
This worked for me:
curl -v --cookie "USER_TOKEN=Yes" http://127.0.0.1:5000/
I could see the value in backend using
print(request.cookies)
Solution 2
You can refer to https://curl.haxx.se/docs/http-cookies.html for a complete tutorial of how to work with cookies. You can use
curl -c /path/to/cookiefile http://yourhost/
to write to a cookie file and start engine and to use cookie you can use
curl -b /path/to/cookiefile http://yourhost/
to read cookies from and start the cookie engine, or if it isn't a file it will pass on the given string.
Solution 3
You are using a wrong format in your cookie file. As curl documentation states, it uses an old Netscape cookie file format, which is different from the format used by web browsers. If you need to create a curl cookie file manually, this post should help you. In your example the file should contain following line
127.0.0.1 FALSE / FALSE 0 USER_TOKEN in
having 7 TAB-separated fields meaning domain, tailmatch, path, secure, expires, name, value.
Solution 4
If you have made that request in your application already, and see it logged in Google Dev Tools, you can use the copy cURL command from the context menu when right-clicking on the request in the network tab. Copy -> Copy as cURL. It will contain all headers, cookies, etc..
Solution 5
curl -H @<header_file> <host>
Since curl 7.55 headers from file are supported with @<file>
echo 'Cookie: USER_TOKEN=Yes' > /tmp/cookie
curl -H @/tmp/cookie <host>
daydreamer
Hello Viewer, Some of the places to see my work are BonsaiiLabs My Website
Updated on December 03, 2021Comments
-
daydreamer over 2 years
I read that Send cookies with curl works, but not for me.
I have a
REST
endpoint as:class LoginResource(restful.Resource): def get(self): print(session) if 'USER_TOKEN' in session: return 'OK' return 'not authorized', 401
When I try to access as:
curl -v -b ~/Downloads/cookies.txt -c ~/Downloads/cookies.txt http://127.0.0.1:5000/ * About to connect() to 127.0.0.1 port 5000 (#0) * Trying 127.0.0.1... * connected * Connected to 127.0.0.1 (127.0.0.1) port 5000 (#0) > GET / HTTP/1.1 > User-Agent: curl/7.27.0 > Host: 127.0.0.1:5000 > Accept: */* > * HTTP 1.0, assume close after body < HTTP/1.0 401 UNAUTHORIZED < Content-Type: application/json < Content-Length: 16 < Server: Werkzeug/0.8.3 Python/2.7.2 < Date: Sun, 14 Apr 2013 04:45:45 GMT < * Closing connection #0 "not authorized"%
Where my
~/Downloads/cookies.txt
is:cat ~/Downloads/cookies.txt USER_TOKEN=in
and the server receives nothing:
127.0.0.1 - - [13/Apr/2013 21:43:52] "GET / HTTP/1.1" 401 - 127.0.0.1 - - [13/Apr/2013 21:45:30] "GET / HTTP/1.1" 401 - <SecureCookieSession {}> <SecureCookieSession {}> 127.0.0.1 - - [13/Apr/2013 21:45:45] "GET / HTTP/1.1" 401 -
What is that I am missing?
-
matts1 about 10 yearsAs long as you never, ever have a boolean for a user token as a cookie, given that they can just authenticate themselves without logging in that way.
-
ryenus over 9 yearsAccording to the man page, for option
-b, --cookie
, e.g.curl -b <file-or-pairs>
, if the argument is a string having the'='
symbol, it's passed as is, otherwise it's treated as a filename to read cookie from. -
m3nda almost 9 yearsYes, this is the cURL cookie format. These are TABS and not SPACES.
-
nhed almost 8 yearsIMO you did not enhance on the official doc which is clear as mud - beside the overloading of the
-b
flag what is the essential diff between-c
&-b
they both start the engine and point to a cookie file? -
Madbreaks over 7 years@nhed
-c
writes to the cookie file,-b
reads from it. So when sending credentials for a login form you would specify-c
to write the resulting cookie to a file, then you would use-b
to read from and include the cookie in your next request. -
LinuxDisciple over 7 yearsOr do
curl -b cookiefile -c cookiefile https://yourhost/
to read and write to the same cookie store like browsers do. -
Admin almost 7 yearsmultiple cookies can be set with semicolons
--cookie "key1=val1;key2=val2;..."
-
Valber over 5 yearsThis should be marked as the official answer, since this truly addresses the point as to why @daydreamer's setup was failing.
-
Sahbi over 3 years
~
is not expanded to$HOME
if it's put within quotes, in which case it will be treated as a literal tilde. ;] -
JSuar almost 3 yearsThis solution is much easier if the cookie you need is already available via a browser. +1
-
tharinduwijewardane almost 3 yearsFor sending multiple cookies, I had to put a space after
;
(I am using a mac) Eg:--cookie "key1=val1; key2=val2"